The present invention is in the field of electronic authentication and authenticated key agreement. The purpose of the invention is to provide a method of authenticated key agreement in a client to server setting that advances the concept of two-factor authentication and provides an alternative to token based schemes that are often based on expensive (and irreplaceable) smart-card tokens, and provides an alternative to password-only schemes require that username and password management in a client and server context.